In this week’s Financial Crime Wave, a new report tabulates U.S. financial crime compliance costs at a whopping more than $25 billion, another notes that regulators have dinged most European, U.K. banks on anti-money laundering, criminals use virtual currencies to launder $2.5 billion, and more.

Compliance

Anti-money laundering compliance costs U.S. financial services firms $25.3 billion per year, according to new survey

The cost of AML compliance across U.S. financial services firms equaled $25.3 billion per year based on survey responses from more than 150 decision-makers at banks, investment, asset management and insurance firms, according to LexisNexis Risk Solutions in its inaugural 2018 True Cost of AML Compliance report for the United States. The report shows that smaller firms are hit hardest, relative to their bottom lines, as the cost of AML compliance reaches up to .83 as a percent their total of assets, compared to larger firms, which see costs up to .08 percent of total assets. These costs are driven by the fact that certain overhead investment requirements exist when implementing an AML program, regardless of scale. The executives surveyed reported that regulatory reporting, customer risk profiling and sanctions screening are among the key challenges for U.S. financial firms.

Operational inefficiencies pose challenges to those firms that use less technology. Financial institutions are looking to leverage AML compliance processes to better understand/manage their customer relationships. AML compliance processes can improve financial risk management and benefit other business functions, when more technologies are used. The findings also show that implementing a layered approach to AML compliance technology may not only be necessary, but also crucial to improving AML compliance processes. Firms that use a layered solutions approach, using multiple services like cloud-based KYC procedures, shared interbank databases and machine learning/AI, take significantly less time to complete due diligence than those using just one of these alone. Many firms are still relying on manual efforts with their AML compliance technology, which is not optimal for either performance or cost-effectiveness, (via LexisNexis).

As we described in Part 1 of this blog series, ghost laundering is a growing concern among online consumer companies; however, ghost laundering transactions are not limited just to gaming and online retailers. Service providers like Uber and Airbnb have been investigating reports of their platforms being leveraged to laundering money through ghost laundering for rides or venue stays which never took place. Uber reported an average of $13.36 per ride in 2015 and Airbnb an average of $160.47 per stay, but these numbers are entirely subjective. Much like the value of beef, butter, electronics, or an in-app purchase, the true value of a rental property is highly complex and subject to factors which cannot be objectively indexed in the same way as other commodities.

Thus, ghost laundering grants a criminal the ability to leverage a fictitious “weekend getaway” and some “rides” to and from said accommodations, multiple times per day and in multiple locations throughout the world, simultaneously. There are websites that allow for tradespersons to sell services like graphic design, digital marketing, or editorial work, at a value of anywhere from $10 to $6,000 per engagement. There is no way to validate whether the payment for those services rendered were actually for any supplied service or actual product. Even if challenged, a service provider could send over stock designs and there would be no way to validate that the service exchange was not legitimate, (via Reuters, Legal Executive Institute).

Virtual currencies

Criminals used Bitcoin to launder $2.5B in dirty money, data shows 380,000 BTC has been washed on cryptocurrency exchanges

New data shows criminals have laundered $2.5 billion worth dirty Bitcoin through cryptocurrency exchanges, and almost all of it ends up in countries with lax Anti-Money-Laundering (AML) regulations. Cryptocurrency research group CipherTrace conducted an analysis of 45 million transactions from the top 20 cryptocurrency exchanges globally in order to find out the prevalence of Bitcoin’s use for criminal purposes.

The data, which spans from January 2009 to September 2018, indicates 97 percent of the Bitcoin laundered through top exchanges ends up in countries with lenient AML regulations. CiperTrace deemed transactions to be of criminal nature if they came directly from, or with close connection to, sources such as “dark market sites, extortion, malware, mixer/tumbler/money laundering, ransomware, and terrorist financing services,” (via the Next Web).

Money laundering is a pan-European problem, with 90 percent of the continent’s biggest banks having been sanctioned for money laundering offences, new research by anti-money laundering (AML) experts Fortytwo Data shows. The firm found that at least 18 of the 20 biggest banks in Europe– including five UK institutions – have been fined for offences relating to money laundering within the last decade, many of them within the last few years – an indication of how widespread money laundering has become. Recent crises at the likes of ING, Danske Bank and Deutsche Bank only reinforce this impression, demonstrating how no bank is immune to money laundering sanctions, no matter how large.

All 10 of the biggest banks in Europe are known to have fallen foul of the AML authorities – HSBC, Barclays and Lloyds from the UK, French quartet BNP Paribas, Crédit Agricole Group, Société Générale and Groupe BPCE, Germany’s Deutsche Bank, Santander of Spain and Dutch bank ING. Others to have been fined in recent years are the British banks RBS and Standard Chartered, Italy’s Intesa Sanpaolo SpA, UBS Group and Credit Suisse of Switzerland, Spain’s Banco Bilbao, Dutch institution Rabobank, and Nordea Bank of Sweden. All five major UK banks – HSBC, Barclays, Lloyds, RBS and Standard Chartered – have been fined for money laundering offences. Earlier this year, Donald Toon, director of prosperity at the National Crime Agency, admitted in a Treasury Meeting that money laundering in the UK is “a very big problem” and estimated that the amount of money laundered here each year has now risen to a staggering £150 billion, (via FortyTwo Data).

Fraud

How an HSBC teller stopped a $500 Million bank heist

No matter the significance of your contributions at your job – coffee, donuts or long hours – the odds are pretty good you did not stop a $500 million bank heist. That’s what an HSBC teller in London did, according to a new investigative report in The Wall Street Journal. The alleged attempted theft is a complex, convoluted tale that involves Angolan political and financial authorities, missed SWIFT signals, forged paperwork, a get-rich-quick scheme and a small cast of international characters that, the newspaper noted, seem drawn from a Hollywood caper movie.

The tale also offers a reminder that even in this age of digital fraud — earlier this year, for instance, three banks in Mexico were the victims of an attempted cyberattack that aimed to gain access to the country’s electronic payment systems — human beings are still more than capable of setting up large-scale bank cons via old-fashioned face-to-face interaction backed by forgeries, (via Pymnts.)

Gotham’s banking regulator Wednesday penalized the New York branch of the largest and oldest bank in the United Arab Emirates $40 million for a host of financial crime compliance deficiencies, including lax oversight of dollar clearing portals for high-risk countries, monitoring and reporting on suspicious activity and policies for dealing with rogue regimes. The New York State Department of Financial Services (NYDFS), which worked in concert with the Federal Reserve, also required that Dubai-based Mashreqbank hire an outside consultant to engage in a transaction lookback to find any missed instances of aberrant activity during a six-month period in mid-2016. The penalty continues a trend of federal and New York regulators focusing on foreign banks with operations in the United States that also have sprawling correspondent banking networks – particularly those with connections to banks in regions to be at a higher risk for money laundering, corruption or terror finance.

For instance, Mashreq’s New York branch offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa – regions that “present a high risk in connection with financial transactions,” according to the NYDFS. The weak AML oversight of these portals was magnified due to the financial throughput through these arenas. The branch engaged in a substantial amount of U.S. dollar clearing activity for foreign customers in high risk jurisdictions. For example, in 2016, the branch cleared more than 1.2 million U.S. Dollar transactions with an aggregate value of over $367 billion. In 2017, the branch cleared well over 1 million U.S. Dollar transactions with an aggregate value exceeding $350 billion, (via the NYDFS).

News media

Newsweek's former parent company indicted in fraud and money laundering case

The co-founder of Newsweek's former parent company has been indicted on fraud and money laundering charges in New York Supreme Court. Etienne Uzac and IBT Media are accused of conspiring with two other companies to defraud lenders out of money that the media organization used to keep itself in business, according to an indictment that was unsealed Wednesday. Uzac denied the allegations and said he intends to defend himself "vigorously" against the charges. Prosecutors allege that IBT Media worked with Christian Media Corporation and Oikos Networks to pull off the scheme. The indictment alleges IBT and Christian Media convinced equipment lenders that they needed financing to buy computer equipment. They received the funds — but instead of using the money to buy computer servers, the indictment says the companies funneled it into other parts of their business.

The court documents claim that IBT Media and Christian Media Corporation concealed details about the money by creating a fictitious auditor, faking an audit and submitting false financial statements. The indictment also implicates a third company, Oikos Networks. Prosecutors claim Oikos provided computer equipment that was of poorer quality than what was shown on equipment lists and lending agreements. Instead of using it to buy the servers that lenders thought the money was being used for, Oikos is alleged to have given nearly all of the money to accounts controlled by Uzac, IBT Media, Christian Media Corporation and its CEO William Anderson,among other conspirators that were not indicted and not named in court documents, (via CNN).

The New York Department of Financial Services (DFS) has filed its second lawsuit against the Office of the Comptroller of the Currency (OCC) over the agency’s plan to permit fintech companies to apply for Special Purpose National Bank Charters. A nearly identical suit filed by the DFS last year was dismissed for lack of ripeness. Now that the OCC has finalized its fintech charter plans, the state regulator is hoping for a favorable outcome on the merits. In 2016, the OCC initially considered whether to accept applications from fintech companies for Special Purpose National Bank Charters. After accepting comments on its proposal, the OCC published draft licensing standards in 2017. In response, both the Conference of State Bank Supervisors (CSBS) and the DFS filed suit to challenge the proposal. But U.S. District Judge Naomi Reice Buchwald granted the OCC’s motion to dismiss both lawsuits, agreeing with the agency that the claims were not ripe for judicial review.

In July, the OCC announced that it will accept applications for Special Purpose National Bank Charters for fintech companies. The move ended months of speculation over whether the agency would actually follow through on the initiative. It also triggered a new lawsuit from the DFS. “The Fintech Charter Decision is lawless, ill-conceived, and destabilizing of financial markets that are properly and most effectively regulated by New York State,” according to the complaint filed by Maria T. Vullo in her capacity as superintendent of the DFS. Moreover, the “OCC’s action is legally indefensible because it grossly exceeds the agency’s statutory authority,” the DFS added, as the OCC’s power to charter banks pursuant to the National Bank Act is limited “to carry[ing] on the business of banking,” which has been interpreted for many years to require that the bank receive deposits, (via Manatt).

UWOs

In assertion to counter illicit finance, UK Court dismisses first challenge to new AML powers

The UK National Crime Agency (NCA) has successfully defended the first challenge to its new power to require individuals to explain how they have acquired assets which it suspects may represent the proceeds of crime. The NCA acquired the right to apply for and obtain unexplained wealth orders (UWOs) under sections of the Criminal Finances Act 2017 (the Act), which came into force at the end of January 2018.

It used its new powers almost immediately, obtaining two UWOs on February 28. These orders required the individual concerned to explain the origins of funds used to purchase real estate assets totaling approximately £22 million. Anonymity orders previously preventing her from being named have now been lifted and it has been confirmed that she is Mrs Zamira Hajiyeva, the wife of the former chairman of a bank in Azerbaijan. She maintains her innocence, and it is important to note that the NCA has not publicly made any allegations against her or her husband, (via Ropes & Gray).

More countries are showing heightened risks of exposure to money laundering, according to an annual ranking of countries assessing their money-laundering risk. The Basel Institute on Governance, which released the seventh edition of its Basel AML Index on Tuesday, said 83 countries, or about two-thirds of those in the index, have a risk score above 5.0 and are therefore classified as having a significant risk of money laundering and terrorist financing. High scores, based on a 10-point scale, indicate a country is more vulnerable to money laundering. More than 40 percent of the countries have higher ratings than they did in 2017, the study found. The most concerning aspect of the report, according to the institute, is that countries aren’t enforcing the laws they have on the books to fight money laundering.

“Governments may be ticking the right boxes in terms of formal compliance, but in reality [they are] neglecting enforcement of laws and measures to prevent and combat money laundering and related financial crimes,” Gretta Fenner, managing director of the Basel Institute, said in a statement. The index tweaked its approach on missing data this year, resulting in 17 countries being removed from the ranking. Among those not ranked in 2018 was Iran, which had topped the index each of the previous four years. Tajikistan was the top country for money-laundering risk this year, according to the index, followed by Mozambique, Afghanistan, Laos and Guinea Bissau. No country has zero risk of money laundering. The lowest-risk countries, according to the index, are Finland, Estonia, Lithuania, New Zealand and Macedonia, (via the WSJ). To read more about the AML index, click here.

Sanctions

J.P. Morgan to pay more than $5 million to settle allegations of violating sanctions: U.S. Treasury

J.P. Morgan Chase Bank has agreed to pay $5.3 million to settle allegations it violated Cuban Assets Control Regulations, Iranian sanctions and Weapons of Mass Destruction sanctions 87 times, the U.S. Treasury said on Friday. Treasury also said it had found the bank violated sanctions on narcotics and Syria, when it processed 85 transactions, totaling $46,127, and maintained accounts for six sanctioned individuals. A major reason the penalty was as small as it was, was that the bank self-identified and voluntarily disclosed the breaches more than six years ago along with engaging in an aggressive remediation that included an overall transaction monitoring and sanctions screening systems upgrade, according to a bank spokesman.

Specifically, on the Cuba and Iran violations, the Treasury said the bank engaged in a “very small portion” of net settlement payments that appeared to have been attributable to airline interests that were blocked by U.S. sanctions or located in countries subjected to sanctions. The penalty against JPMorgan is just the latest in a spate of sanctions-related compliance penalties, remediations and settlements dating back more than a decade and racking up billions of dollars in overall fines, mostly with the brunt of federal fury focused on foreign banks, (via Reuters). To read the full action, click here.

JP Morgan Chase's $5.3 million sanctions settlement: Some Lessons, including that the past can come back to haunt banks if they ever dealt with blacklisted entities, regions

The figure against JPMorgan, a bank that has had prior scrapes with regulators related to financial crime compliance controls, is not as eye-popping as other sanctions fines against banks that have risen as high as $9 billion, but does have some key lessons, say experts. Trade law and compliance experts say the settlement is a sign that U.S. Treasury Department's Office of Foreign Asset Control is not easing enforcement against financial institutions that violate trade sanctions. J.P. Morgan Chase & Co.’s nearly $5.3 million civil settlement quashing allegations that the bank handled dozens of payments benefiting Iranian and Cuban targets of U.S. sanctions in the airline industry suggests the U.S. Treasury Department won’t be lenient with banks that make sanctions-related missteps, several trade law and compliance experts said.

The Oct. 5 enforcement action by the Office of Foreign Assets Control also highlights the importance of following rigorous compliance procedures, they said. “The Trump administration hasn’t, up to this point, seemed real keen on strict enforcement of the sanctions programs,” said Ron Oleynik, a partner at Holland & Knight’s office in Washington, D.C. He heads the firm’s head of the international trade practice. “But this one, to me, is the administration waking up and saying, ‘Oh, right we’ve gotta make sure people are toeing the line.’” While the activity in question occurred years ago, Oleynik noted that the government could have “let it die on the vine. They could have kept it quiet. But they’ve pursued it to the end, and they’re publicizing it.” The enforcement action centered on 87 net-settlement payments totaling more than $1 billion that J.P. Morgan Chase and a foreign bank processed between 2008 and 2013 for two unnamed airline associations with hundreds of members in the U.S. and abroad, (via Law.com).

Data security

EU privacy chief expects first round of fines under new law by year-end: report

Regulators are set to exercise their new powers by handing out fines and even temporary bans on companies that breach a new EU privacy law, with the first round of sanctions expected by the end of the year, the bloc’s privacy chief said. The European Union General Data Protection Regulation (GDPR), heralded as the biggest shake-up of data privacy laws in more than two decades, came into force on May 25. The new rules, designed for the digital age, allow consumers to better control their personal data and give regulators the power to impose fines of up to 4 percent of global revenue or 20 million euros ($23 million), whichever is higher, for violations.

Enforcers have since then been deluged by complaints about violations and queries for clarification, with France and Italy alone reporting a 53 percent jump in complaints from last year, European Data Protection Supervisor Giovanni Buttarelli said. “I expect first GDPR fines for some cases by the end of the year. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum,” Buttarelli told Reuters in an interview. Data controllers, which could include social networks, search engines and online retailers, collect and process personal data while a data processor only processes the data on behalf of the controllers. Fines are levied by national privacy regulators in the various EU member states. While Buttarelli does not personally impose fines, he coordinates the work of privacy agencies across the bloc, (via Reuters).

Competition

Google to fight massive EU fine on anti-trust allegations

Google this week challenged a record 4.34-billion euro ($5 billion) fine imposed by European Union antitrust regulators three months ago for using its popular Android mobile operating system to thwart rivals, (via Reuters).

Securities

Insider trading laws haven’t kept up with the crooks

The laws around insider trading are outdated and unclear. They don’t even define “insider trading.” A top current and former government official say they have a way to fix that, (via the NY Times).

Regulations

Congress grills U.S. investigative agencies on how to stop more cyber-enabled criminal, terror threats targeting homeland

UK accountants may face possible ban on consultancy work if they are auditing, advising the same firm as authorities believe they may be a conflict of interest

Britain’s accounting watchdog could ban accountancy firms from consultancy work for clients whose books they check, it said on Monday, stopping short of a break-up of the Big Four auditors. Under pressure from lawmakers to toughen up supervision of accountants after collapses at outsourcer Carillion and retailer BHS, the Financial Reporting Council announced a new “strategic focus” to ensure that audit serves the public interest better. The Big Four of PwC, EY, Deloitte and KPMG often provide lucrative consultancy work to the same businesses they audit, raising concerns that accountants may not be willing to challenge management of those companies. PwC was fined a record 6.5 million pounds by the FRC in June for failing to flag its concerns about BHS. Its lead partner recorded only two hours of work on the audit but 31 hours on non-audit services.

“The review will include determining whether further actions are needed to prevent auditor independence being compromised, including whether all consulting work for bodies they audit should be banned,” the FRC said in a statement. Taking lessons from recent company failures, the FRC said it will look to toughen up requirements for auditors to determine if a company is correct in stating that it is a going concern, meaning it has sufficient resources to continue in operation for a year or more. The review will consider if accountants should say publicly if they have doubts about “realism” in a company’s statement on going concern, the FRC said. The government has already ordered an independent review of the FRC after it was described by lawmakers as timid in its handling of accounting firms, (via Reuters).

Iran’s parliament approved a bill on Sunday to bring the country’s banks in line with global standards on anti-terrorism financing and reduce their exposure as the Islamic Republic enters another new era of tough U.S. sanctions. The legislation, which includes reforms of Iran’s anti-money laundering laws, has been the focus of a tug of war between Iran’s governing moderates and their hardline conservative opponents, who say it represents a capitulation to Western dictates and risks Iran’s support for Lebanon’s Hezbollah, considered a terrorist group by the U.S.

The law still needs final approval from Iran’s Guardian Council -- a top constitutional body that vets legislation and elections. Moderates say the legislation is key to drawing much-needed foreign investment into Iran because it fulfills criteria set by the Paris-based Financial Action Task Force, an international body dedicated to combat money laundering and terrorism financing. Compliance with the organization’s guidelines, they say, significantly reduces the risk for international lenders of working with Iran’s banks and executing trade and project finance deals, (via Bloomberg).

South Korea

In major reckoning, South Korea’s former leader convicted in corruption case

Former South Korean President Lee Myung-bak was convicted and sentenced to 15 years in prison Friday in a corruption case that has badly tainted his status as the country’s first leader with a business background who once symbolized the country’s economic rise, (via AP).

For Google, a data privacy reckoning may finally come as a result of a service that it admits almost no one uses much anymore, an irony magnified by global efforts to better secure data – and punish firms that fail in that mission. Google said Monday it is shutting down the long ailing social network Google+ for consumer use amid new scrutiny of the company for reportedly failing to publicly disclose a security bug affecting hundreds of thousands of accounts on the service, (via CNN).